def has_item_write_permission(self, user_id, item):
"""The group moderator and the member can change an enrollment."""
if user_id == str(get_id(item['user'])):
# Own membership can be modified
return True
else:
# Check if moderator
# Note: Group must exist, otherwise membership would not exist
# Furthermore user_id can't be None so if there is no moderator
# we will correctly return False
collection = current_app.data.driver.db['groups']
group = collection.find_one({'_id': get_id(item['group'])},
{'moderator': 1})
return user_id == str(group.get('moderator'))
def has_item_write_permission(self, user_id, item):
"""The group moderator and the member can change an enrollment."""
if user_id == str(get_id(item['user'])):
# Own membership can be modified
return True
else:
# Check if moderator
# Note: Group must exist, otherwise membership would not exist
# Furthermore user_id can't be None so if there is no moderator
# we will correctly return False
collection = current_app.data.driver.db['groups']
group = collection.find_one({'_id': get_id(item['group'])},
{'moderator': 1})
return user_id == str(group.get('moderator'))
def has_item_write_permission(self, user_id, item):
"""Users can modify their signups within the registration window.
Moderators can not modify signups from other users.
"""
if isinstance(item['event'], dict):
event = item['event']
else:
# Event is not embedded, get the event first
lookup = {current_app.config['ID_FIELD']: item['event']}
event = current_app.data.find_one('events', None, **lookup)
# Remove tzinfo to compare to utcnow (API only accepts UTC anyways)
time_register_start = event['time_register_start'].replace(tzinfo=None)
time_register_end = event['time_register_end'].replace(tzinfo=None)
# Only the user itself can modify the item (not moderators), and only
# within the signup window
return (('user' in item) and (user_id == str(get_id(item['user'])))
and (time_register_start <= dt.utcnow() <= time_register_end))
def has_item_write_permission(self, user_id, item):
"""Users can modify their signups within the registration window.
Moderators can not modify signups from other users.
"""
if isinstance(item['event'], dict):
event = item['event']
else:
# Event is not embedded, get the event first
lookup = {current_app.config['ID_FIELD']: item['event']}
event = current_app.data.find_one('events', None, **lookup)
# Remove tzinfo to compare to utcnow (API only accepts UTC anyways)
time_register_start = event['time_register_start'].replace(tzinfo=None)
time_register_end = event['time_register_end'].replace(tzinfo=None)
# Only the user itself can modify the item (not moderators), and only
# within the signup window
return (('user' in item) and
(user_id == str(get_id(item['user']))) and
(time_register_start <= dt.utcnow() <= time_register_end))
def has_item_write_permission(self, user_id, item):
"""The group moderator is allowed to change things."""
# Return true if a moderator exists and it is equal to the current user
return item.get('moderator') and (
user_id == str(get_id(item['moderator'])))
def has_item_write_permission(self, user_id, item):
"""Allow users to modify only their own sessions."""
# item['user'] is Objectid, convert to str
return user_id == str(get_id(item['user']))
def has_item_write_permission(self, user_id, item):
"""The group moderator is allowed to change things."""
# Return true if a moderator exists and it is equal to the current user
return item.get('moderator') and (user_id == str(
get_id(item['moderator'])))
def has_item_write_permission(self, user_id, item):
"""Allow users to modify only their own sessions."""
# item['user'] is Objectid, convert to str
return user_id == str(get_id(item['user']))
def has_item_write_permission(self, user_id, item):
return str(get_id(item['uploader'])) == user_id
